I added some kind of pre- and post-processing of Solr results for this, i.e.
if I find a field name specified in the query string in the form "fieldname:term", then I pass this query string to the standard request handler; otherwise I use DisMaxRequestHandler (DisMaxRequestHandler doesn't break the query, at least I haven't seen it yet). If the standard request handler throws an error (invalid field, too many clauses, etc.), then I pass the original query to the DisMax request handler.

Alex

On Mon, Nov 9, 2009 at 10:05 PM, michael8 <mich...@saracatech.com> wrote:
>
> Hi Julian,
>
> Saw your post on exactly the question I have. I'm curious if you got any
> response directly, or figured out a way to do this by now that you could
> share? I'm in the same situation trying to 'sanitize' the query string
> coming in before handing it to solr. I do see that characters like ":"
> could break the query, but am curious if anyone has come up with a general
> solution as I think this must be a fairly common problem for any solr
> deployment to tackle.
>
> Thanks,
> Michael
>
>
> Julian Davchev wrote:
>>
>> Hi,
>> Is there anything special that can be done for sanitizing user input
>> before it is passed as a query to solr.
>> Not allowing * and ? as first char is the only thing I can think of right
>> now. Anything else it should somehow handle.
>>
>> I am not able to find any relevant document.
>>
>>
>
> --
> View this message in context:
> http://old.nabble.com/sanizing-filtering-query-string-for-security-tp21516844p26271891.html
> Sent from the Solr - User mailing list archive at Nabble.com.
>
>
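
A sketch of the routing described in this thread, added here as an example and not code posted by any participant: a query with "fieldname:term" goes to the standard handler, everything else goes to DisMax, and a standard-handler error falls back to DisMax. It goes beyond the thread in two ways that are assumptions: field names are checked against a hypothetical `ALLOWED_FIELDS` allowlist, and text sent to DisMax is backslash-escaped. `send` is a hypothetical callable that performs the Solr request and raises on error.

```python
import re

# Characters with special meaning in the Lucene/Solr query syntax.
LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\/')
# Assumption: the fields this deployment lets users search by name.
ALLOWED_FIELDS = {"title", "author"}
# A field name followed by ':' and a non-space character, not mid-word or escaped.
FIELD_TERM = re.compile(r'(?<![\w\\])([A-Za-z_]\w*):(?=\S)')


def escape_term(text):
    """Backslash-escape every Lucene special character in free text."""
    return "".join("\\" + c if c in LUCENE_SPECIAL else c for c in text)


def has_leading_wildcard(query):
    """True if any term (after an optional 'field:') starts with * or ?."""
    for token in query.split():
        term = token.split(":", 1)[-1]
        if term[:1] in ("*", "?"):
            return True
    return False


def route(query):
    """Return (handler, query_to_send) for one user-supplied query string."""
    fields = FIELD_TERM.findall(query)
    if (fields and all(f in ALLOWED_FIELDS for f in fields)
            and not has_leading_wildcard(query)):
        return "standard", query
    # No usable field syntax: treat the whole input as literal text.
    return "dismax", escape_term(query)


def search(query, send):
    """Run the query; on a standard-handler error, retry through DisMax."""
    handler, q = route(query)
    try:
        return send(handler, q)
    except Exception:
        if handler == "dismax":
            raise
        return send("dismax", escape_term(query))
```
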